\ CLAIMS 

1 1. \ Method for verifying the usage of public keys derived from a set of 

2 asymmetric key ? , a public key (Kp) and private key (Ks) generated for a given use, such as 

3 encryption/decryption or digital signature verification/generation, by an embedded system 

4 and stored in the stoWe area of an embedded system (SO equipped with cryptographic 

5 • calculation means ankxternally accessible read/write-protected means for storing digital 

6 data, this digital data (Ilk) comprising at least a serial number (SNO for identifying the 

7 embedded system and anltentification code (Opj) of an operator authorized to configure said 

8 embedded system, this requ\being formulated by said embedded system by transmitting a 

9 request message (MRCA) containing said public key (Kp) to a certification authority (CA), 
!rt 10 characterized in that this process consists: 

5 x i . prior to any transmission d^a certification request, during the configuration of these 

3 12 embedded systems by this authorizedVratorfpr all the embedded systems (SO of a set (Lk) 

!y 13 of embedded systems: \\\ 

14 - of having this authorized operator generate, for this set of embedded systems, a 

1U 15 mother public key (KpM) and a mother privlekey (KsM) used in connection with a process 

;~! 16 supported by an algorithm (C AIM); \ 

If 17 - of publishing said mother private key (Kpk) associated with the algorithm (CA1M), 

1 18 the identity of this authorized operator (OPj), and witba set (Lk) defining a range of 

19 embedded system identifiers; \ 

20 - of calculating, for each embedded system belonging to this set (Lk) of embedded 

21 systems, from said mother private key (KsM) and from the\enal number (SNO of the 

22 embedded system, a diversified private key (KsMO, and of storing said diversified private key 

23 (KsMi) in said externally accessible, read/write-protected storag^area, and; 

24 • prior to any transmission of a certification request message: 

25 - of having the embedded system generate a certification reque\t(RCA) containing, in 

26 particular, a field of the public key (CA1, Kp) and the usage indicator^) of this public key, 

27 - of calculating, using said calculation means and said diversified k^M [KsMi) 

28 associated with this embedded system, a cryptographic control value (ScO oVhe entire 

29 request (RCA), said cryptographic control value being a digital signature calculated by means 

30 of the diversified private key (KsMO; \ 
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3 1 \vhen a certification request is sent to the certification authority by the embedded 

32 system: 

33 - of forming a certification request message (MRCA) containing the request (RCA), the 

34 identifier (IDdjW the embedded system, the latter being constituted by the identifier (OPj) of 

35 this authorized ojWator and by the serial number (SNO of the embedded system, and the 

36 cryptographic control value (ScO; 

37 - of transmitting\o the certification authority (CA) said request message (MRCA) 

38 formed during the preceding phase and containing the public key (Kp) and the usage 

39 indicators (U) subject to saiii certification, and said cryptographic control value (ScO; 

40 • when a certification r^uest message (MRCA) is received by the certification 

41 authority: 

! fj 42 - of retrieving the identity of N^author^zed operator (OPj) from the identifier (IDdO of 

43 the embedded system, 

ijj 44 . of retrieving, from said identifierVOPj) ^fthis authorized operator, the value of the 

jH 45 mother public key (KpM) as well as the id^ti-fifer of the algorithm (CA1M) associated with 

%i 46 the set to which the embedded system belongs 

1-47 - of verifying, from said mother public keV (KpM), from said serial number (SNO of the 

!2 48 embedded system, and from said certification request message (MRCA) received, said 

li 49 cryptographic control value (Sci), which makes it possible to establish the authenticity of this 

O 50 cryptographic control value and the source of this certification request. 

1 2. Method according to claim 1, characterized insthat when the certification 

2 request is generated by the embedded system, the method also Consists of generating, at the 

3 embedded system level, the certification request (RCA), which is\omposed of three fields, 

4 i.e.: a public key algorithm identifier (CA1), a public key value (Kp\and an indicator of the 

5 usages of this key (U). 



1 3. Method according to claim 1, characterized in that when the certification 

2 request is completed by the embedded system during the step consisting of communicating a 

3 certification request template (GRCA) to said embedded system, the method alsoVmsists: 

4 of checking, at the embedded system level, the syntax of the certification request 

5 template (GRCA) in order to make sure that it is a correctly formed certification request, and 
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6 - \ of conditioning the step consisting of having the embedded system fill in the missing 

7 fieldsW the certification request template (GRCA) to a positive verification. 
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4. \ Method according to claim 1 , characterized in that, for a set of asymmetric 
signature keV (Kp), (Ks) generated by said embedded system, the cryptographic calculation 
means of this embedded system allowing the use of the private key (Ks) only for signature 
generation puipo\s, said private key (Ks) stored in said externally accessible read/write- 
protected storage area being unknown to the user and limited to a utilization exclusively for 
digital signature purpcW the utilization of said key is limited to signature purposes and the 
utilization of the certificate containing the corresponding public key is limited, in practice, to 
signature verification purposes. 

5. Method accordinW^lalrrTl, characterized in that for a set of asymmetric 
keys, a public encryption key (Ep^nfiV privat^decryption key (Ds) generated by said 
embedded system, the method conkisfea^ociating, with said keys (Ep), (Ds) and with the 
asymmetric decryption process, a sV&ric "weak" decryption process and key, the 
symmetric decryption key being encryptefcLthen decrypted, by means of the private 
asymmetric decryption key (Ds), said privaWy (Ds) stored in said externally accessible 
read/write protected storage area being unknown to the user, which makes it possible to 
authorize the utilization of said key only for weik decryption purposes, the utilization of the 
certificate containing the corresponding public kejNbeing limited, in practice, to weak 
encryption purposes. 

6. Embedded system comprising a calculatioXunit, a RAM, a nonvolatile 
memory comprising a programmable memory comprising a\externally accessible protected 
storage area, a cryptographic calculation module and an input/output system connected by a 
link of the BUS type, characterized in that said embedded systernVomprises at least: 

- a diversified key KsMj stored in said externally accessibleVotected memory, said 
diversified private key, unique and distinct for this embedded systeiAnd calculated from a 
mother private key KsM and an identification number of this embeddedWem, being 
associated with a mother public key KpM; said cryptographic calculation \odule comprising: 

- means for calculating a signature from said diversified private key K^Mi , making it 

possible to calculate the signature of a request to certify a public key Kp associated with a 
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private encryption&ey Ks or signature key, respectively, said private key Ks generated by 
said signature calculation means being stored in said protected memory, this signature of a 
certification request being a faction of the identification number of this embedded system, 
said signature calculationVar^ making it possible to transmit to a certification authority a 
certification request messagLfcatning said certification request and said signature, which 
allows said certification authority to verify the source of the certification request from this 
embedded system and the protean of said diversified private key and private signature key 
in said externally accessible protected memory using only public elements, such as said 
mother public key KpM. 




23 



